Linux建立互信

于 2024-09-25 22:55:46 发布
阅读量350 收藏 1
点赞数 6
分类专栏: linux 文章标签: linux ssh
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/myneth/article/details/142535095
版权

文章目录

两节点互信

目的:

192.168.1.101 免密登录 192.168.1.102

环境信息

主机名IP地址备注
testos1192.168.1.101testos1以下简称A
testos2192.168.1.102testos2以下简称B

互信过程

#1、在A上生成公钥和私钥(一直回车直到结束)
cd
ssh-keygen -t rsa
#2、查看系统生成的公钥私钥对
ls -lsa /root/.ssh/*rsa*
#3、将A的公钥拷贝到B对应路径下(需要输入B的密码)
ssh-copy-id root@192.168.1.102
#4、进入B查看步骤3文件是否写入
[root@testos2 ~]# cat /root/.ssh/authorized_keys 
#5、免密验证
ssh 192.168.1.102

互信完整过程

#1、在A上生成公钥和私钥(一直回车直到结束)
[root@testos1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6SzaSGc30BbSlQBFsCM0DURJWAPgGwkZvYoj8FEP1as root@testos1
The key's randomart image is:
+---[RSA 2048]----+
|+=.BX=+*+...     |
|+ +.+o.o...      |
| + o.o+ o.       |
|. =  ..+.o       |
|o+ .  ..S        |
|= .   E=         |
|..  . + =        |
|   . * o .       |
|    o .          |
+----[SHA256]-----+
#2、查看系统生成的公钥私钥对
[root@testos1 ~]# ls -lsa /root/.ssh/*rsa*
4 -rw-------. 1 root root 1679 Sep  7 16:32 /root/.ssh/id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 16:32 /root/.ssh/id_rsa.pub
#3、将A的公钥拷贝到B对应路径下的文件里(需要输入B的密码)
[root@testos1 ~]# ssh-copy-id root@192.168.1.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:1AeC9yOAxokwy7VF7TpyQGbhvryeblt1kRcxx3/9BBk.
ECDSA key fingerprint is MD5:fb:3c:24:0c:79:c4:e7:1f:19:ce:ef:cd:56:5f:4c:0a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.102's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.1.102'"
and check to make sure that only the key(s) you wanted were added.

#4、进入B查看步骤3文件是否写入
[root@testos2 ~]# cat /root/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV6iCGRxKkAkq8FImTno8TGBIcdG5rStxwKFDtYc+7YGx1Uq2jK8E7TbNbiqNTEdI5VqTDXHROjDrAQxqa1Its52qqZ6m34VukvVAn9rs/aX4YdDnPW4RQ1bXjPTqFnrnXQGCLx14oR80ay8Q2zH4kIR+fUEeWFTqs2H5Sa3+drd51DxfcaqyXcqUYotvs9gp6fckR94yTqcbxDjQnWAsFEv6jGKPCK5XwOHBusnxDxIATgZ2zhkhvkUBtDsLe+sDgwnEzMfdFlXBAy0I8a8rCNF9rG/8QHcfBLWvhAIifyhbdoDd1+1jGIMuW9FlguhfuGvAqPEE22YkChAPtqNgH root@testos1
#5、A免密登录B验证
[root@testos1 ~]# ssh 192.168.1.102
Last login: Wed Sep  7 14:34:14 2022 from 192.168.1.101
[root@testos2 ~]#

说明

#如上步骤3文件拷贝到B哪个路径下可以看B上的sshd配置
[root@testos2 /]# cat /etc/ssh/sshd_config|grep AuthorizedKeysFile
AuthorizedKeysFile      .ssh/authorized_keys
#如上可以看出是用户家目录.ssh文件夹下的authorized_keys文件

#第3步会提示指纹认证
[root@testos1 ~]# ssh-copy-id root@192.168.1.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:1AeC9yOAxokwy7VF7TpyQGbhvryeblt1kRcxx3/9BBk.
ECDSA key fingerprint is MD5:fb:3c:24:0c:79:c4:e7:1f:19:ce:ef:cd:56:5f:4c:0a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.102's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.1.102'"
and check to make sure that only the key(s) you wanted were added.


#输入yes之后会在A的/root/.ssh目录下生成known_hosts文件
[root@testos1 .ssh]# ls -lsa /root/.ssh/known_hosts
4 -rw-r--r--. 1 root root 175 Sep  7 16:40 /root/.ssh/known_hosts
[root@testos1 .ssh]# 

[root@testos1 .ssh]# cat /root/.ssh/known_hosts 
192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
#如上A 上/root/.ssh/known_hosts文件里面的内容就是B的公钥,采用的是ecdsa方式生成的公钥
[root@testos2 ~]# cd /etc/ssh/
[root@testos2 ssh]# cat ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac= 
[root@testos2 ssh]# 



#同时A连接B拷贝自己的公钥的时候,认证的指纹就是通过B的私钥加密的,B使用的私钥也是ecdsa,用以确定连接的是对的主机
[root@testos2 ~]# cd /etc/ssh/
[root@testos2 ssh]# ll
total 604
-rw-r--r--. 1 root root     581843 8  9 2019 moduli
-rw-r--r--. 1 root root       2276 8  9 2019 ssh_config
-rw-------. 1 root root       3907 8  9 2019 sshd_config
-rw-r-----. 1 root ssh_keys    227 12 2 2021 ssh_host_ecdsa_key
-rw-r--r--. 1 root root        162 12 2 2021 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys    387 12 2 2021 ssh_host_ed25519_key
-rw-r--r--. 1 root root         82 12 2 2021 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys   1679 12 2 2021 ssh_host_rsa_key
-rw-r--r--. 1 root root        382 12 2 2021 ssh_host_rsa_key.pub
[root@testos2 ssh]# ssh-keygen -lf ssh_host_ecdsa_key
256 SHA256:1AeC9yOAxokwy7VF7TpyQGbhvryeblt1kRcxx3/9BBk ssh_host_ecdsa_key.pub (ECDSA)
[root@testos2 ssh]#

三节点间互信(IP)

环境信息

主机名IP地址备注
testos1192.168.1.101testos1以下简称A
testos2192.168.1.102testos2以下简称B
testos3192.168.1.103testos3以下简称C

各个节点的hosts设置

[root@testos1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.101 testos1
192.168.1.102 testos2
192.168.1.103 testos3
[root@testos1 ~]#

互信过程

#1.分别在A B C创建公钥和私钥
cd
ssh-keygen -t rsa 

#2.在A上执行以下命令,整合公钥文件 
#2.1
ssh 192.168.1.101 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#2.2
ssh 192.168.1.102 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#2.3
ssh 192.168.1.103 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#说明:
2.1 跑完 A自己互信成功   
2.2 跑完 B-A之前互信了,但是没有指纹认证(B的known_hosts中没有A的信息,B ssh 连接 A需要输入一次yes但是不需要输入密码)
2.3 跑完 C-A之间互信了,但是没有指纹认证(C的known_hosts中没有A的信息,C ssh 连接 A需要输入一次yes但是不需要输入密码)
2.3跑完 A的authorized_keys收集到了ABC三个节点的公钥信息,同时A指纹认证ABC成功


#3.在A上执行以下命令,分发整合后的公钥文件 
scp ~/.ssh/authorized_keys 192.168.1.102:~/.ssh/
scp ~/.ssh/authorized_keys 192.168.1.103:~/.ssh/

#3 跑完ABC之间相互持有了对方和自己的公钥,此时真正免密登录的只有 A—A、A-B、A-C,BC上没有known_hosts文件,所以B到其他节点(包含自己),C到其他节点(包含)第一次需要输入一次yes


#4.把A上的known_hosts文件传到其他BC节点
scp ~/.ssh/known_hosts 192.168.1.102:~/.ssh/
scp ~/.ssh/known_hosts 192.168.1.103:~/.ssh/

#4跑完之后相互之间的互相完成
#4跑完之后ABC ip地址之间ssh是互通的,但是因为各个节点的known_hosts文件中只记录了IP地址,没有记录主机名,所以主机名之间ssh的话,第一次还是需要指纹认证

#5.主机名加到known_hosts中(A节点操作)
ssh testos1
exit
ssh testos2
exit
ssh testos3
exit
scp ~/.ssh/known_hosts 192.168.1.102:~/.ssh/
scp ~/.ssh/known_hosts 192.168.1.103:~/.ssh/

说明

#1 结束之后各节点的信息
[root@testos1 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  7 22:26 .
0 dr-xr-x---. 4 root root  159 Sep  7 22:25 ..
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos1 ~]# 

[root@testos2 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  7 22:32 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos2 ~]# 

[root@testos3 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  7 22:35 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos3 ~]# 


#2 结束之后各节点的信息
[root@testos1 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  7 22:26 .
0 dr-xr-x---. 4 root root  159 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:34 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
4 -rw-r--r--. 1 root root  525 Sep  7 22:34 known_hosts
[root@testos1 ~]# 

[root@testos1 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3
[root@testos1 ~]# cat /root/.ssh/known_hosts
192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos1 ~]# 



[root@testos2 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  7 22:32 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos2 ~]# 

[root@testos3 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  7 22:35 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos3 ~]# 



#3 跑完各个节点的信息
[root@testos1 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  7 22:26 .
0 dr-xr-x---. 4 root root  159 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:34 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
4 -rw-r--r--. 1 root root  525 Sep  7 22:34 known_hosts
[root@testos1 ~]# 
[root@testos1 .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3
[root@testos1 .ssh]# cat known_hosts 
192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos1 .ssh]# 


[root@testos2 ~]# ls -lsa /root/.ssh/
total 12
0 drwx------. 2 root root   61 Sep  7 22:55 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:55 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos2 ~]# 
[root@testos2 .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3
[root@testos2 .ssh]# 


[root@testos3 ~]# ls -lsa /root/.ssh/
total 12
0 drwx------. 2 root root   61 Sep  7 22:56 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:56 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
[root@testos3 ~]# 
[root@testos3 .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3


#4跑完之后各个节点信息
[root@testos1 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  7 22:26 .
0 dr-xr-x---. 4 root root  159 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:34 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
4 -rw-r--r--. 1 root root  525 Sep  7 22:34 known_hosts
[root@testos1 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3
[root@testos1 ~]# cat /root/.ssh/known_hosts
192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos1 ~]# 



[root@testos2 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  7 23:09 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:55 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
4 -rw-r--r--. 1 root root  525 Sep  7 23:09 known_hosts
[root@testos2 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3
[root@testos2 ~]# cat /root/.ssh/known_hosts
192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos2 ~]# 


[root@testos3 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  7 23:09 .
0 dr-xr-x---. 3 root root  147 Sep  7 22:25 ..
4 -rw-r--r--. 1 root root 1179 Sep  7 22:56 authorized_keys
4 -rw-------. 1 root root 1675 Sep  7 22:25 id_rsa
4 -rw-r--r--. 1 root root  393 Sep  7 22:25 id_rsa.pub
4 -rw-r--r--. 1 root root  525 Sep  7 23:09 known_hosts
[root@testos3 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSSVPiZltz1rEAztaq1BfiXzgn8NomWzyO1OUSlGXUstrHUD9BNcp7VQ4Y56rQGVqQ0t9FBdh7O7ahn1PwoOlu8KjWoGv0HF257kKe9Lee64XQf1/ZZdx6xrPMs2ZDoQzFsTWzQfMGmTY8OtLq7bsEIlL45Xsp8l3b7qD4VXJGRrFZxKe0aarN+yScc9gWEimP5gm8OHg3GNYOP1WOUgxIFLJRi1xVNg03+ZBOIMjqN922ndqm7UnzmhlX/qef9zJQjvWIsx1UK/fjEmiZeLrKsrKfwdN+XgqqvSErCxP86CSUMTNJlPnLoYoHeiST8PhwqdvwMu9EHJUmkL/2IupP root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZEmRyKVErCSSqq4SKLoGFQ9nb6wO2CI0kBNSPqjsOuYZzS3Mf/OOTFdmHhZy8u+gp4e6oM5h4bOFByHce6Lv5wcMnQkMpXbO/D3t3U0OLJeMSoz3/OIUmAS8f5zg2YkkE8QYRMck9NCLHe/7WEamwV+kkGXqIP6vNHJwQCD5la84z+YalEmiDIS0aSbOvNb4kPx31u+ez8HDp2iDGfl4Q1wmLZiWBhj5iu0AzURj49fHtbC5aK6iyS2BV5rDTeQiihY+gIlklWYN7oUXH7q6n1h92rmi5nq04rc6gpnqA6qcgzSviQRvskC7NApP+YysIX0O9d/TSZ6O833L/qraN root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGobnBNKzqVMQhTWAcn2OUOBQhDuFl0IdjL5jMIkh8JlDrPoVBFzA/BEcmOKyDRgQWVsF085VOC+RbMpoUIg9Kv+9lj0ms0OTQ4VIUkUH+cMVkOLGUFgjEQu9yQgxhxgg+4sAtYnXypoQdPXLr/uQfcpTTTO0lPiorj5HFp1etpN9fWM2/3WZaMZPw6r661OfB5XNBDV3toIRZ1iexSxaJr1suKb2ZzxaVsupEuJ9rBkV7WIAa/TIoHTHPP23WucceDv+PxMP1O6Zt6BkANbMBGME62PsJ2asRClW37YHTIikaQJpR6C7j6X1WvYkl6rKui7XuO+gzrakswRgeKKUf root@testos3
[root@testos3 ~]# cat /root/.ssh/known_hosts
192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos3 ~]#

三节点互信(主机名)

环境信息

主机名IP地址备注
testos1192.168.1.101testos1以下简称A
testos2192.168.1.102testos2以下简称B
testos3192.168.1.103testos3以下简称C

各个节点的hosts设置

[root@testos1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.101 testos1
192.168.1.102 testos2
192.168.1.103 testos3
[root@testos1 ~]#

互信过程

#1.分别在A B C创建公钥和私钥
cd
ssh-keygen -t rsa 

#2.在A上执行以下命令,整合公钥文件 
#2.1
ssh testos1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#2.2
ssh testos2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#2.3
ssh testos3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#说明:
2.1 跑完 A自己互信成功   
2.2 跑完 B-A之前互信了,但是没有指纹认证(B的known_hosts中没有A的信息,B ssh 连接 A需要输入一次yes但是不需要输入密码)
2.3 跑完 C-A之间互信了,但是没有指纹认证(C的known_hosts中没有A的信息,C ssh 连接 A需要输入一次yes但是不需要输入密码)
2.3跑完 A的authorized_keys收集到了ABC三个节点的公钥信息,同时A指纹认证ABC成功


#3.在A上执行以下命令,分发整合后的公钥文件 
scp ~/.ssh/authorized_keys testos2:~/.ssh/
scp ~/.ssh/authorized_keys testos3:~/.ssh/

#3 跑完ABC之间相互持有了对方和自己的公钥,此时真正免密登录的只有 A—A、A-B、A-C,BC上没有known_hosts文件,所以B到其他节点(包含自己),C到其他节点(包含)第一次需要输入一次yes


#4.把A上的known_hosts文件传到其他BC节点
scp ~/.ssh/known_hosts testos2:~/.ssh/
scp ~/.ssh/known_hosts testos3:~/.ssh/

#4跑完之后相互之间的互相完成
#4跑完之后ABC 之间IP和hostname的互相都搞好了  直接ssh就可以互相连接,不同指纹认证

说明

#1 跑完各节点查询
[root@testos1 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  8 10:08 .
0 dr-xr-x---. 4 root root  159 Sep  8 10:08 ..
4 -rw-------. 1 root root 1679 Sep  8 10:08 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:08 id_rsa.pub
[root@testos1 ~]# 

[root@testos2 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  8 10:08 .
0 dr-xr-x---. 3 root root  147 Sep  8 10:08 ..
4 -rw-------. 1 root root 1675 Sep  8 10:08 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:08 id_rsa.pub
[root@testos2 ~]# 

[root@testos3 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  8 10:09 .
0 dr-xr-x---. 3 root root  147 Sep  8 10:09 ..
4 -rw-------. 1 root root 1679 Sep  8 10:09 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:09 id_rsa.pub
[root@testos3 ~]#

#2 结束之后各节点的信息
[root@testos1 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  8 15:52 .
0 dr-xr-x---. 4 root root  159 Sep  8 10:08 ..
4 -rw-r--r--. 1 root root 1182 Sep  8 15:52 authorized_keys
4 -rw-------. 1 root root 1679 Sep  8 10:08 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:08 id_rsa.pub
4 -rw-r--r--. 1 root root  549 Sep  8 15:52 known_hosts
[root@testos1 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM//HN70PzTafLDUq4VtaNNb78Uy65CrD1LmwLAx3+60sGnurUmmbc5Ls3hVCRJOFM6WmWYfpMOhRQ9ovZ5gKW3uTUdH8E8jxkwvfujsvFvXJgnv9G/akd6yS5OyiMEMoBvB02qRqTnMzXBn6ccCaBnZlgqYbiQpsLauha3FESF7qVV4bTU7Lthp7lHMpfwDfm9SimhbgiMZY4quaX23NVlNj/vJVDN3SW+HqwJBM/aXx9uGU/fMArBp42fLXZZjTb4CvuT1FKhCQhIc4fdP0I8pdLVpFW/p0LRbetAXmaFXcaEuo5wXFnGfDBXfey4gZaOX0B8q4Qb7h21+0W9sQH root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNH23WbgmRLyrrcKb2WLcCygfkezYZcpd3J2VyEgm/xT266z1D3MQviOTfJ9M1nvOxBN+X0qyovcOiK+mSCO68Q5zwhQR/0VqwkLo/93RU9fK8ZjsTKtxqC/g9n/eGCzPNCxZJs1Iy5xBVYsU/pdJfVGEUQUIeIyGfK+4/NfwWXDzXjm3c/DDrFJGU8OxZF9hghnGbtmStP2G2Ptwk6fDrhJ94hdiGCKtsxLdgO7T/w66OLUSomlXyYODnAm95Nb0BCs2zmBfD69LZR0RrvyIBzGX4M7HuvAXBRoL6Mg/btf60SNEKQRuFNJJk16HgVrbIV6EW+3lyyE+bzDuUs9oR root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBjvazbuX/1xJELPDhrICI8ougmnvtPCrLakerdC/5v6yzev21nI0tGWQB2TC0HEkr3ppNfmLmv9g+4cqOtyf0yRmDrBzu+jjx7Q6du4G2jOZseePKUJnGPUz9+/39VcmoQhFAuHCZbY8VYKiNcgKlmIe177RHBxHuKyD1Z3h29nbQPf+gYwgXR/EiXqZCj4l/gY6Q6cMaxvKGhRYUd6qyiA+aw7ddSSSbl1p3O+vbNwqOqa3PMZ502MGT8dtQMLn8Lug9SJclyXyTmPhiRWiZfIatquvsbMxym0v1P8LNvxCUoFblaGT3i7eW5fEtSZPY0RlGMjyHuKkfqbp83yHb root@testos3
[root@testos1 ~]# cat /root/.ssh/known_hosts
testos1,192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
testos2,192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
testos3,192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos1 ~]# 

[root@testos2 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  8 10:08 .
0 dr-xr-x---. 3 root root  147 Sep  8 10:08 ..
4 -rw-------. 1 root root 1675 Sep  8 10:08 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:08 id_rsa.pub
[root@testos2 ~]# 

[root@testos3 ~]# ls -lsa /root/.ssh/
total 8
0 drwx------. 2 root root   38 Sep  8 10:09 .
0 dr-xr-x---. 3 root root  147 Sep  8 10:09 ..
4 -rw-------. 1 root root 1679 Sep  8 10:09 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:09 id_rsa.pub
[root@testos3 ~]#


#3跑完各节点的信息
[root@testos1 ~]# ls -lsa /root/.ssh/
total 16
0 drwx------. 2 root root   80 Sep  8 15:52 .
0 dr-xr-x---. 4 root root  159 Sep  8 10:08 ..
4 -rw-r--r--. 1 root root 1182 Sep  8 15:52 authorized_keys
4 -rw-------. 1 root root 1679 Sep  8 10:08 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:08 id_rsa.pub
4 -rw-r--r--. 1 root root  549 Sep  8 15:52 known_hosts
[root@testos1 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM//HN70PzTafLDUq4VtaNNb78Uy65CrD1LmwLAx3+60sGnurUmmbc5Ls3hVCRJOFM6WmWYfpMOhRQ9ovZ5gKW3uTUdH8E8jxkwvfujsvFvXJgnv9G/akd6yS5OyiMEMoBvB02qRqTnMzXBn6ccCaBnZlgqYbiQpsLauha3FESF7qVV4bTU7Lthp7lHMpfwDfm9SimhbgiMZY4quaX23NVlNj/vJVDN3SW+HqwJBM/aXx9uGU/fMArBp42fLXZZjTb4CvuT1FKhCQhIc4fdP0I8pdLVpFW/p0LRbetAXmaFXcaEuo5wXFnGfDBXfey4gZaOX0B8q4Qb7h21+0W9sQH root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNH23WbgmRLyrrcKb2WLcCygfkezYZcpd3J2VyEgm/xT266z1D3MQviOTfJ9M1nvOxBN+X0qyovcOiK+mSCO68Q5zwhQR/0VqwkLo/93RU9fK8ZjsTKtxqC/g9n/eGCzPNCxZJs1Iy5xBVYsU/pdJfVGEUQUIeIyGfK+4/NfwWXDzXjm3c/DDrFJGU8OxZF9hghnGbtmStP2G2Ptwk6fDrhJ94hdiGCKtsxLdgO7T/w66OLUSomlXyYODnAm95Nb0BCs2zmBfD69LZR0RrvyIBzGX4M7HuvAXBRoL6Mg/btf60SNEKQRuFNJJk16HgVrbIV6EW+3lyyE+bzDuUs9oR root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBjvazbuX/1xJELPDhrICI8ougmnvtPCrLakerdC/5v6yzev21nI0tGWQB2TC0HEkr3ppNfmLmv9g+4cqOtyf0yRmDrBzu+jjx7Q6du4G2jOZseePKUJnGPUz9+/39VcmoQhFAuHCZbY8VYKiNcgKlmIe177RHBxHuKyD1Z3h29nbQPf+gYwgXR/EiXqZCj4l/gY6Q6cMaxvKGhRYUd6qyiA+aw7ddSSSbl1p3O+vbNwqOqa3PMZ502MGT8dtQMLn8Lug9SJclyXyTmPhiRWiZfIatquvsbMxym0v1P8LNvxCUoFblaGT3i7eW5fEtSZPY0RlGMjyHuKkfqbp83yHb root@testos3
[root@testos1 ~]# cat /root/.ssh/known_hosts
testos1,192.168.1.101 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
testos2,192.168.1.102 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
testos3,192.168.1.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIi7C3hUy4Ys30/TcBief4gi7TbSJbarWjL4zsBG7ZLS9J7RjXHKm10Den1Lf9L+nWA0+Au+R75GnyE664meTac=
[root@testos1 ~]# 


[root@testos2 ~]# ls -lsa /root/.ssh/
total 12
0 drwx------. 2 root root   61 Sep  8 15:56 .
0 dr-xr-x---. 3 root root  147 Sep  8 10:08 ..
4 -rw-r--r--. 1 root root 1182 Sep  8 15:56 authorized_keys
4 -rw-------. 1 root root 1675 Sep  8 10:08 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:08 id_rsa.pub
[root@testos2 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM//HN70PzTafLDUq4VtaNNb78Uy65CrD1LmwLAx3+60sGnurUmmbc5Ls3hVCRJOFM6WmWYfpMOhRQ9ovZ5gKW3uTUdH8E8jxkwvfujsvFvXJgnv9G/akd6yS5OyiMEMoBvB02qRqTnMzXBn6ccCaBnZlgqYbiQpsLauha3FESF7qVV4bTU7Lthp7lHMpfwDfm9SimhbgiMZY4quaX23NVlNj/vJVDN3SW+HqwJBM/aXx9uGU/fMArBp42fLXZZjTb4CvuT1FKhCQhIc4fdP0I8pdLVpFW/p0LRbetAXmaFXcaEuo5wXFnGfDBXfey4gZaOX0B8q4Qb7h21+0W9sQH root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNH23WbgmRLyrrcKb2WLcCygfkezYZcpd3J2VyEgm/xT266z1D3MQviOTfJ9M1nvOxBN+X0qyovcOiK+mSCO68Q5zwhQR/0VqwkLo/93RU9fK8ZjsTKtxqC/g9n/eGCzPNCxZJs1Iy5xBVYsU/pdJfVGEUQUIeIyGfK+4/NfwWXDzXjm3c/DDrFJGU8OxZF9hghnGbtmStP2G2Ptwk6fDrhJ94hdiGCKtsxLdgO7T/w66OLUSomlXyYODnAm95Nb0BCs2zmBfD69LZR0RrvyIBzGX4M7HuvAXBRoL6Mg/btf60SNEKQRuFNJJk16HgVrbIV6EW+3lyyE+bzDuUs9oR root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBjvazbuX/1xJELPDhrICI8ougmnvtPCrLakerdC/5v6yzev21nI0tGWQB2TC0HEkr3ppNfmLmv9g+4cqOtyf0yRmDrBzu+jjx7Q6du4G2jOZseePKUJnGPUz9+/39VcmoQhFAuHCZbY8VYKiNcgKlmIe177RHBxHuKyD1Z3h29nbQPf+gYwgXR/EiXqZCj4l/gY6Q6cMaxvKGhRYUd6qyiA+aw7ddSSSbl1p3O+vbNwqOqa3PMZ502MGT8dtQMLn8Lug9SJclyXyTmPhiRWiZfIatquvsbMxym0v1P8LNvxCUoFblaGT3i7eW5fEtSZPY0RlGMjyHuKkfqbp83yHb root@testos3
[root@testos2 ~]# 


[root@testos3 ~]# ls -lsa /root/.ssh/
total 12
0 drwx------. 2 root root   61 Sep  8 15:57 .
0 dr-xr-x---. 3 root root  147 Sep  8 10:09 ..
4 -rw-r--r--. 1 root root 1182 Sep  8 15:57 authorized_keys
4 -rw-------. 1 root root 1679 Sep  8 10:09 id_rsa
4 -rw-r--r--. 1 root root  394 Sep  8 10:09 id_rsa.pub
[root@testos3 ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM//HN70PzTafLDUq4VtaNNb78Uy65CrD1LmwLAx3+60sGnurUmmbc5Ls3hVCRJOFM6WmWYfpMOhRQ9ovZ5gKW3uTUdH8E8jxkwvfujsvFvXJgnv9G/akd6yS5OyiMEMoBvB02qRqTnMzXBn6ccCaBnZlgqYbiQpsLauha3FESF7qVV4bTU7Lthp7lHMpfwDfm9SimhbgiMZY4quaX23NVlNj/vJVDN3SW+HqwJBM/aXx9uGU/fMArBp42fLXZZjTb4CvuT1FKhCQhIc4fdP0I8pdLVpFW/p0LRbetAXmaFXcaEuo5wXFnGfDBXfey4gZaOX0B8q4Qb7h21+0W9sQH root@testos1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNH23WbgmRLyrrcKb2WLcCygfkezYZcpd3J2VyEgm/xT266z1D3MQviOTfJ9M1nvOxBN+X0qyovcOiK+mSCO68Q5zwhQR/0VqwkLo/93RU9fK8ZjsTKtxqC/g9n/eGCzPNCxZJs1Iy5xBVYsU/pdJfVGEUQUIeIyGfK+4/NfwWXDzXjm3c/DDrFJGU8OxZF9hghnGbtmStP2G2Ptwk6fDrhJ94hdiGCKtsxLdgO7T/w66OLUSomlXyYODnAm95Nb0BCs2zmBfD69LZR0RrvyIBzGX4M7HuvAXBRoL6Mg/btf60SNEKQRuFNJJk16HgVrbIV6EW+3lyyE+bzDuUs9oR root@testos2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBjvazbuX/1xJELPDhrICI8ougmnvtPCrLakerdC/5v6yzev21nI0tGWQB2TC0HEkr3ppNfmLmv9g+4cqOtyf0yRmDrBzu+jjx7Q6du4G2jOZseePKUJnGPUz9+/39VcmoQhFAuHCZbY8VYKiNcgKlmIe177RHBxHuKyD1Z3h29nbQPf+gYwgXR/EiXqZCj4l/gY6Q6cMaxvKGhRYUd6qyiA+aw7ddSSSbl1p3O+vbNwqOqa3PMZ502MGT8dtQMLn8Lug9SJclyXyTmPhiRWiZfIatquvsbMxym0v1P8LNvxCUoFblaGT3i7eW5fEtSZPY0RlGMjyHuKkfqbp83yHb root@testos3
[root@testos3 ~]#
小徍
关注
专栏目录
Linux下实现双机互信
muyangzi123的博客
04-04 6691
一、双机互信实现背景 平时我们ssh一台机器的时候会要求输入密码,如果经常ssh某台机器,每次输入密码会比较麻烦,而且有些软件会要求机器之间添加互信,下面有很快捷的方法实现双机互信。 我们准备两台虚拟机 192.168.50.131 masterserver 192.168.50.132 redhatclient 其中redhatclient与masterserver需要实现互信,...
Linux互信
qq_25798961的博客
09-07 1272
2,ssh-copy-id后有可能公钥没有分发出去,可以直接把公钥(id_rsa.pub)的内容复制粘贴进对象服务器的authorized_keys文件中,如果没有这个文件可以新建。ssh-keygen #直接三次回车,生成密钥(id_rsa)及公钥(id_rsa.pub)3,对象服务器用户的家目录权限要和源目录服务器用户的家目录服务器一至,否则会互信失败。1,如果ssh-copy-id时没有指定用户,默认时当前用户。
Linux机器之间建立互信
01-09
原理:   是两台机器(web-1和web-2)经过预先设置好经过认证的key文件,双方互相访问时,进行自动认证,从而实现互信。   互信的原理了解了,我们可以把配置ssh互信的步骤进行有效的分割。   1.在要配置互信的机器(web-1和web-2)上生成各自经过认证的key文件。   2.将所有的key文件汇总到一个总的认证文件夹中。   3.将打包的key发给想要进行互信的机器(web-1,web-2)   4.互信的验证   操作:   机器 p1 p2 之间建立 互信   p1 p2 的~/.ssh 目录下 生成 密钥文件  ssh-keygen -t rsa  
【shell】linux服务器如何建立两两互信(附脚本)
最新发布
u014773648的博客
08-15 390
由于工作中会用到很多服务器,服务器间跳转不断输入密码又比较麻烦,所以就搞个小脚本来解决这个痛点,也希望能帮到需要的同学。2: centos7/8 redhat7/8 麒麟V10 统信UOS1020e,已验证可行。工具免费下载,可任意复制使用,如果有bug或需要兼容的操作系统,可评论区交流。1: root和非root用户,已验证可行。
linux主机互信
coding the code,changing the world
05-27 2646
linux配置ssh互信   什么叫linux主机互信Linux主机互信,就是主机之间相互信任,什么是信任,就像人与人之间一样,不需要利用金钱等(除了你自己以外其他的东西)来取得对方的信任,大家相互信任对方,不需要额外的凭证。就好比你,你爸,你妈,你姐之间,不需要钱来维持你们之间的信任。同样,linux主机之间也是,我们从一台主机登陆到另一台时,往往需要验证你,需要你输入用户密码,才允许
Linux 添加互信
绿萝蔓蔓绕枝生
01-18 1636
一、添加主机列表 vi /etc/hosts // 添加内容 ip1 hoatnmae1 ip2 hoatnmae2 ip3 hoatnmae3 二、秘钥分发 2.1、生成秘钥 ssh-keygen -t rsa 2.2、复制秘钥 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys 2.3、分发秘钥 ssh-copy-id -i ~/.ssh/id_rsa.pub -p22 root@192.168.xx.xx 三、分发时报错 分发秘钥时报以
linux服务器互信设置
L丶小先生的博客
03-08 994
linux服务器互信设置
【转】linux建立互信机制
aqc802886的博客
10-20 159
转载自:http://zoufengfu168.blog.163.com/blog/static/5461055201041143524340/ Linux下,要想scp自动输入远端服务器的密码来拷贝文件,一般借助expect脚本来达到目的。两台服务器之间互信是指,用scp拷贝文件、ssh登陆、rsync同步文件等操作的时候,不需要输入远端服务器的用户密码就可以完成操作。 vim ...
linux 服务器 互信建立 免密登录 脚本
08-15
服务器自动化互信脚本 1: 实现服务器间两两互信 2: 支持离线,即使服务器不能连接外网也可行 3: root和非root用户,已验证可行 4: centos7/8 redhat7/8 麒麟V10 统信UOS1020e,已验证可行 5: 配置好服务器信息后,全...
ubuntu不同机器之间建立互信.docx
11-16
这个过程被称为“建立互信”或者“SSH密钥对验证”。以下是一种在Ubuntu 16.04及更高版本上设置两台机器间互信的方法,同样适用于非Ubuntu的Linux发行版。 首先,确保防火墙配置正确。在大多数情况下,我们需要关闭...
建立linux服务器间互信
paradise003的专栏
11-08 1549
诉求:jenkins部署流水线脚本中,需要跨内部linux服务器进行通信,为此去建立两台linux服务器互信,进行免密登录。   1、首先保证两台服务器(如本次需打通233、170间通信)是可通信的,处在相同局域网、彼此在互信白名单中,通过密码或密钥可互相访问;   2、233之前已经生成过SSH密钥对pem文件,直接去170上添加认证,即可免密登录: 在170上添加233的ssh密钥对...
linux机器配置互信
岳来的博客
06-07 3512
linux机器配置互信
linux服务器互信配置
qq_42546635的博客
01-29 3430
在一台服务器上配置好authorized_keys文件后,可以直接粘贴到其他服务器同样的位置上。③~/.ssh/authorized_keys目录位置为当前用户的根目录。2.将公钥粘贴进 ~/.ssh/authorized_keys文件中(没有新建即可)②公钥最后的 用户名@主机名 可以改成 ip地址@主机名。在每台服务器上均执行该命令,生成每台服务器每个用户对应的秘钥。②id_rsa.pub:该文件中是公钥。在你想要配置服务器互信的用户下执行以下配置操作。如果登录成功,则表示配置服务器互信成功。
Linux建立ssh互信
Asui2233的博客
10-09 2516
Linux系统之间建立SSH互信
linux ssh互信配置
mamengna的博客
12-16 752
环境: node1:192.168.3.20 node2:192.168.3.21 用到的命令 ssh-keygen:创建公钥和密钥,会生成id_rsa和id_rsa.pub两个文件 ssh-copy-id:把本地的公钥复制到远程主机的authorized_keys文件(不会覆盖文件,是追加到文件末尾),并且会设置远程主机用户目录的.ssh和.ssh/authorized_keys权限 权限为: chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_...
Linux多主机建立互信及集中管理
hmxz2nn的博客
12-28 516
本文主要参考:Linux快速配置集群ssh互信 在对多个Linux主机进行管理,特别是如大规模数据库集群进行管理时,有必要同时向集群中的每个主机发送命令。当主机数量特别多的时候,一个一个来执行还是很麻烦的,所以有必要通过脚本来执行。本文就分享了这样的脚本。当然,针对这一场景,更强大的工具是ansible,具体可参考:ansible服务部署与使用 关于Linux建立多主机互信,可参考之前的博客:Ce...
linux 创建互信脚本
storm_zpge的专栏
03-06 773
假设需要时A机器ssh访问B机器时无需重复输入密码,则在A机器上执行本脚本,参数为B机器ip。执行过程中需要输入两次B机器的root密码。 #!/bin/bash #set -x remote_ip=${1:-""} SSH_PATH=/root/.ssh KEY_PUB=${SSH_PATH}/id_rsa.pub TMP_KEY_PUB=${KEY_PUB}.tmp TRUST_KEY
LINUX主机互信
hanwang2008的博客
07-12 143
这样从主机1就可以直接SSH到主机2,无需输入密码。3.向主机2复制公钥。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值